diff --git a/setup.py b/setup.py
index 4584cc232c0adf1a725a102d763ca37a55eca08b..d27b5bf0f945e0d08d5df6387781452aa84a794e 100644
--- a/setup.py
+++ b/setup.py
@@ -57,7 +57,6 @@ setup(name=name,
           'equeue = slapos.recipe.equeue:Recipe',
           'erp5testnode = slapos.recipe.erp5testnode:Recipe',
           'generate.mac = slapos.recipe.generatemac:Recipe',
-          'generic.kvm = slapos.recipe.generic_kvm:Recipe',
           'generic.kvm.frontend = slapos.recipe.generic_kvm_frontend:Recipe',
           'generic.nbdserver = slapos.recipe.generic_nbdserver:Recipe',
           'generic.novnc = slapos.recipe.generic_novnc:Recipe',
diff --git a/slapos/recipe/generic_kvm/__init__.py b/slapos/recipe/generic_kvm/__init__.py
deleted file mode 100644
index 54ec9a442a48014717616d341d37e705fcd53bd3..0000000000000000000000000000000000000000
--- a/slapos/recipe/generic_kvm/__init__.py
+++ /dev/null
@@ -1,76 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
-#
-# WARNING: This program as such is intended to be used by professional
-# programmers who take the whole responsibility of assessing all potential
-# consequences resulting from its eventual inadequacies and bugs
-# End users who are looking for a ready-to-use solution with commercial
-# guarantees and support are strongly adviced to contract a Free Software
-# Service Company
-#
-# This program is Free Software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 3
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-#
-##############################################################################
-from slapos.recipe.librecipe import GenericBaseRecipe
-import binascii
-import os
-import sys
-
-class Recipe(GenericBaseRecipe):
-  """
-  kvm instance configuration.
-  """
-
-  def __init__(self, buildout, name, options):
-    options['passwd'] = binascii.hexlify(os.urandom(4))
-    return GenericBaseRecipe.__init__(self, buildout, name, options)
-
-  def install(self):
-    config = dict(
-      tap_interface=self.options['tap'],
-      vnc_ip=self.options['vnc-ip'],
-      vnc_port=self.options['vnc-port'],
-      nbd_ip=self.options['nbd-ip'],
-      nbd_port=self.options['nbd-port'],
-      disk_path=self.options['disk-path'],
-      disk_size=self.options['disk-size'],
-      mac_address=self.options['mac-address'],
-      smp_count=self.options['smp-count'],
-      ram_size=self.options['ram-size'],
-      socket_path=self.options['socket-path'],
-      pid_file_path=self.options['pid-path'],
-      python_path=sys.executable,
-      shell_path=self.options['shell-path'],
-      qemu_path=self.options['qemu-path'],
-      qemu_img_path=self.options['qemu-img-path'],
-      # XXX Weak password
-      vnc_passwd=self.options['passwd']
-    )
-
-    # Runners
-    runner_path = self.createExecutable(
-      self.options['runner-path'],
-      self.substituteTemplate(self.getTemplateFilename('kvm_run.in'),
-                              config))
-
-    controller_path = self.createExecutable(
-      self.options['controller-path'],
-      self.substituteTemplate(self.getTemplateFilename('kvm_controller_run.in'),
-                              config))
-
-
-    return [runner_path, controller_path]
-
diff --git a/slapos/recipe/kvm/__init__.py b/slapos/recipe/kvm/__init__.py
index 045f7949643d46716d01e81668d3afa0bd0266b5..54ec9a442a48014717616d341d37e705fcd53bd3 100644
--- a/slapos/recipe/kvm/__init__.py
+++ b/slapos/recipe/kvm/__init__.py
@@ -1,6 +1,6 @@
 ##############################################################################
 #
-# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -24,100 +24,53 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import binascii
 import os
 import sys
-from slapos.recipe.librecipe import BaseSlapRecipe
-import subprocess
-import binascii
-import random
-import zc.buildout
-import pkg_resources
-import ConfigParser
-import hashlib
-
-FALSE_VALUE_LIST = ['n', 'no', '0', 'false']
-
-class Recipe(BaseSlapRecipe):
-
-#   # To avoid magic numbers
-#   VNC_BASE_PORT = 5900
 
-  def _install(self):
-    """
-    Set the connection dictionnary for the computer partition and create a list
-    of paths to the different wrappers
+class Recipe(GenericBaseRecipe):
+  """
+  kvm instance configuration.
+  """
 
-    Parameters : none
+  def __init__(self, buildout, name, options):
+    options['passwd'] = binascii.hexlify(os.urandom(4))
+    return GenericBaseRecipe.__init__(self, buildout, name, options)
 
-    Returns    : List path_list
-    """
-    self.path_list = []
-
-    self.requirements, self.ws           = self.egg.working_set()
-    self.cron_d                          = self.installCrond()
-
-    self.ca_conf                         = self.installCertificateAuthority()
-    self.key_path, self.certificate_path = self.requestCertificate('noVNC')
-
-    # Install the socket_connection_attempt script
-    catcher = zc.buildout.easy_install.scripts(
-      [('check_port_listening', 'slapos.recipe.kvm.socket_connection_attempt',
-        'connection_attempt')],
-      self.ws,
-      sys.executable,
-      self.bin_directory,
+  def install(self):
+    config = dict(
+      tap_interface=self.options['tap'],
+      vnc_ip=self.options['vnc-ip'],
+      vnc_port=self.options['vnc-port'],
+      nbd_ip=self.options['nbd-ip'],
+      nbd_port=self.options['nbd-port'],
+      disk_path=self.options['disk-path'],
+      disk_size=self.options['disk-size'],
+      mac_address=self.options['mac-address'],
+      smp_count=self.options['smp-count'],
+      ram_size=self.options['ram-size'],
+      socket_path=self.options['socket-path'],
+      pid_file_path=self.options['pid-path'],
+      python_path=sys.executable,
+      shell_path=self.options['shell-path'],
+      qemu_path=self.options['qemu-path'],
+      qemu_img_path=self.options['qemu-img-path'],
+      # XXX Weak password
+      vnc_passwd=self.options['passwd']
     )
-    # Save the check_port_listening script path
-    check_port_listening_script = catcher[0]
-    # Get the port_listening_promise template path, and save it
-    self.port_listening_promise_path = pkg_resources.resource_filename(
-      __name__, 'template/port_listening_promise.in')
-    self.port_listening_promise_conf = dict(
-     check_port_listening_script=check_port_listening_script,
-    )
-
-    vnc_port = Recipe.VNC_BASE_PORT + kvm_conf['vnc_display']
 
-    noVNC_conf = self.installNoVnc(source_ip   = self.getGlobalIPv6Address(),
-                                   source_port = 6080,
-                                   target_ip   = kvm_conf['vnc_ip'],
-                                   target_port = vnc_port)
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['runner-path'],
+      self.substituteTemplate(self.getTemplateFilename('kvm_run.in'),
+                              config))
 
-    ipv6_url = 'https://[%s]:%s/vnc_auto.html?host=[%s]&port=%s&encrypt=1' % (
-      noVNC_conf['source_ip'], noVNC_conf['source_port'],
-      noVNC_conf['source_ip'], noVNC_conf['source_port'])
+    controller_path = self.createExecutable(
+      self.options['controller-path'],
+      self.substituteTemplate(self.getTemplateFilename('kvm_controller_run.in'),
+                              config))
 
-    # Request frontend slave instance, unless contrary is specified
-    # XXX-Cedric : HARDCODE : during dev, request is OPT-IN
-    request_frontend = self.parameter_dict.get('frontend', 'false')
-    #request_frontend = self.parameter_dict.get('frontend', True)
-    if not request_frontend in FALSE_VALUE_LIST:
-      slave_frontend = self.request(
-        # XXX-Cedric : Use KVM Software Type to instantiate kvmfrontend.
-        #              kvmfrontend should be in KVM recipe but using different
-        #              software type.
-        software_release='/opt/slapdev/software/kvm-frontend/software.cfg',
-        software_type='RootSoftwareInstance',
-        partition_reference='frontend',
-        shared=True,
-        partition_parameter_kw={"host":noVNC_conf['source_ip'], 
-            "port":noVNC_conf['source_port']}
-      )
-      url = '%s/vnc_auto.html?host=%s&port=%s&encrypt=1&path=%s' % (
-        slave_frontend.getConnectionParameter('site_url'),
-        slave_frontend.getConnectionParameter('domainname'),
-        slave_frontend.getConnectionParameter('port'),
-        slave_frontend.getConnectionParameter('resource'))
-      connection_dict = dict(
-        url = url,
-        backend_url = ipv6_url,
-        password = kvm_conf['vnc_passwd'])
-    else:
-      # No frontend : just set raw IPv6
-      connection_dict = dict(
-          url = ipv6_url,
-          password = kvm_conf['vnc_passwd'])
 
-    self.computer_partition.setConnectionDict(connection_dict)
+    return [runner_path, controller_path]
 
-    return self.path_list
diff --git a/slapos/recipe/kvm/certificate_authority.py b/slapos/recipe/kvm/certificate_authority.py
deleted file mode 100755
index d05a460649c01edefd09e5caa09f3feab899ddcf..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/certificate_authority.py
+++ /dev/null
@@ -1,114 +0,0 @@
-import os
-import subprocess
-import time
-import ConfigParser
-import uuid
-
-
-def popenCommunicate(command_list, input=None):
-  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
-  if input is not None:
-    subprocess_kw.update(stdin=subprocess.PIPE)
-  popen = subprocess.Popen(command_list, **subprocess_kw)
-  result = popen.communicate(input)[0]
-  if popen.returncode is None:
-    popen.kill()
-  if popen.returncode != 0:
-    raise ValueError('Issue during calling %r, result was:\n%s' % (
-      command_list, result))
-  return result
-
-
-class CertificateAuthority:
-  def __init__(self, key, certificate, openssl_binary,
-      openssl_configuration, request_dir):
-    self.key = key
-    self.certificate = certificate
-    self.openssl_binary = openssl_binary
-    self.openssl_configuration = openssl_configuration
-    self.request_dir = request_dir
-
-  def checkAuthority(self):
-    file_list = [ self.key, self.certificate ]
-    ca_ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ca_ready = False
-        break
-    if ca_ready:
-      return
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    try:
-      # no CA, let us create new one
-      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
-          self.openssl_configuration, '-new', '-x509', '-extensions', 'v3_ca',
-          '-keyout', self.key, '-out', self.certificate, '-days', '10950'],
-          # Authority name will be random, so no instance has the same issuer
-          'Certificate Authority %s\n' % uuid.uuid1())
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-
-  def _checkCertificate(self, common_name, key, certificate):
-    file_list = [key, certificate]
-    ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ready = False
-        break
-    if ready:
-      return False
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    csr = certificate + '.csr'
-    try:
-      popenCommunicate([self.openssl_binary, 'req', '-config',
-        self.openssl_configuration, '-nodes', '-new', '-keyout',
-        key, '-out', csr, '-days', '3650'],
-        common_name + '\n')
-      try:
-        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
-          self.openssl_configuration, '-out', certificate,
-          '-infiles', csr])
-      finally:
-        if os.path.exists(csr):
-          os.unlink(csr)
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-    else:
-      return True
-
-  def checkRequestDir(self):
-    for request_file in os.listdir(self.request_dir):
-      parser = ConfigParser.RawConfigParser()
-      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
-      if self._checkCertificate(parser.get('certificate', 'name'),
-          parser.get('certificate', 'key_file'), parser.get('certificate',
-            'certificate_file')):
-        print 'Created certificate %r' % parser.get('certificate', 'name')
-
-def runCertificateAuthority(args):
-  ca_conf = args[0]
-  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
-      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
-      ca_conf['request_dir'])
-  while True:
-    ca.checkAuthority()
-    ca.checkRequestDir()
-    time.sleep(60)
diff --git a/slapos/recipe/generic_kvm/template/kvm_controller_run.in b/slapos/recipe/kvm/template/kvm_controller_run.in
similarity index 100%
rename from slapos/recipe/generic_kvm/template/kvm_controller_run.in
rename to slapos/recipe/kvm/template/kvm_controller_run.in
diff --git a/slapos/recipe/generic_kvm/template/kvm_run.in b/slapos/recipe/kvm/template/kvm_run.in
similarity index 100%
rename from slapos/recipe/generic_kvm/template/kvm_run.in
rename to slapos/recipe/kvm/template/kvm_run.in
diff --git a/slapos/recipe/kvm/template/openssl.cnf.ca.in b/slapos/recipe/kvm/template/openssl.cnf.ca.in
deleted file mode 100644
index 67067178b951729004cc20c0156bc76d8d968d23..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/template/openssl.cnf.ca.in
+++ /dev/null
@@ -1,350 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME			= .
-RANDFILE		  = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file      		  = $ENV::HOME/.oid
-oid_section		    = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions	     	= 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= %(working_directory)s		# Where everything is kept
-certs		= $dir/certs			  # Where the issued certs are kept
-crl_dir		= $dir/crl			    # Where the issued crl are kept
-database	= $dir/index.txt		    # database index file.
-#unique_subject	= no			      	       # Set to 'no' to allow creation of
-		      					       	     # several ctificates with same subject.
-new_certs_dir	= $dir/newcerts	       # default place for new certs.
-
-certificate	= $dir/cacert.pem 	       # The CA certificate
-serial		= $dir/serial 	       	 # The current serial number
-crlnumber	= $dir/crlnumber		 # the current crl number
-				       # must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem        # The current CRL
-private_key	= $dir/private/cakey.pem # The private key
-RANDFILE	= $dir/private/.rand	  # private random number file
-
-x509_extensions	= usr_cert		    # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt      = ca_default		# Subject Name options
-cert_opt      = ca_default		  # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days	 = 3650			# how long to certify for
-default_crl_days = 30			      # how long before next CRL
-default_md	 = default		      	# use public key default MD
-preserve	 = no				      # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy	       	      = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName	= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 2048
-default_md		= sha1
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-#attributes		= req_attributes
-x509_extensions		= v3_ca	# The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
-# default: PrintableString, T61String, BMPString.
-# pkix	    : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName				= Country Name (2 letter code)
-countryName_value			= %(country_code)s
-countryName_min				= 2
-countryName_max				= 2
-
-stateOrProvinceName			= State or Province Name (full name)
-stateOrProvinceName_value		= %(state)s
-
-localityName				= Locality Name (eg, city)
-localityName_value			= %(city)s
-
-0.organizationName			= Organization Name (eg, company)
-0.organizationName_value		= %(company)s
-
-# we can do this but it is not needed normally :-)
-#1.organizationName  	= Second Organization Name (eg, company)
-#1.organizationName_default	 = World Wide Web Pty Ltd
-
-commonName	   = Common Name (eg, your name or your server\'s hostname)
-commonName_max	   = 64
-
-emailAddress	   = Email Address
-emailAddress_value = %(email_address)s
-emailAddress_max   = 64
-
-# SET-ex3	   = SET extension number 3
-
-#[ req_attributes ]
-#challengePassword	= A challenge password
-#challengePassword_min	= 4
-#challengePassword_max	= 20
-#
-#unstructuredName	= An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType 	    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment      		 = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType 	    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment      		 = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1	# the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir	                = /etc/pki/tls  	  # TSA root directory
-serial	                = $dir/tsaserial	  # The current serial number (mandatory)
-crypto_device           = builtin		    # OpenSSL engine to use for signing
-signer_cert             = $dir/tsacert.pem    # The TSA signing certificate
-	      		      	  # (optional)
-certs	                = $dir/cacert.pem	# Certificate chain to include in reply
-		  	      # (optional)
-signer_key              = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy          = tsa_policy1		  # Policy if request did not specify it
-					    	   # (optional)
-other_policies          = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests	                = md5, sha1  	      # Acceptable message digests (mandatory)
-accuracy                = secs:1, millisecs:500, microsecs:100	   # (optional)
-clock_precision_digits  = 0	    # number of digits after dot. (optional)
-ordering		= yes	    # Is ordering defined for timestamps?
-			  	       # (optional, default: no)
-tsa_name		= yes	    # Must the TSA name be included in the reply?
-			  	      # (optional, default: no)
-ess_cert_id_chain	= no	   # Must the ESS cert id chain be included?
-				     # (optional, default: no)
diff --git a/slapos/recipe/kvm/template/slapmonitor_run.in b/slapos/recipe/kvm/template/slapmonitor_run.in
deleted file mode 100644
index c790e0904af68481fb1b6f13d9cdbd64454b4ad7..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/template/slapmonitor_run.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# BEWARE: This file is operated by slapgrid
-# BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s
diff --git a/slapos/recipe/kvm/template/slapreport_run.in b/slapos/recipe/kvm/template/slapreport_run.in
deleted file mode 100644
index 4b3dd99a377d0dcbcf256255c056877811dce397..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/template/slapreport_run.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# BEWARE: This file is operated by slapgrid
-# BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapreport_path)s $1 %(database_path)s
diff --git a/software/kvm/instance-kvm.cfg b/software/kvm/instance-kvm.cfg
index 7a53560559027e315de504629b2bf0b540bc5d25..3dec1bc2e8274d7eaa0ca3032407f3787a14b79a 100644
--- a/software/kvm/instance-kvm.cfg
+++ b/software/kvm/instance-kvm.cfg
@@ -34,7 +34,7 @@ ca-dir = $${rootdirectory:srv}/ssl
 recipe = slapos.cookbook:generate.mac
 
 [kvm-instance]
-recipe = slapos.cookbook:generic.kvm
+recipe = slapos.cookbook:kvm
 vnc-ip = $${slap-network-information:local-ipv4}
 vnc-port = 5901
 nbd-ip = $${slap-parameter:nbd_ip}
diff --git a/software/kvm/software.cfg b/software/kvm/software.cfg
index 8ed6f907fd6aac3614d019f7417bd2933cbf133f..f65aeaacdf7627db66ab54c4bf5b0067ee0e2f97 100644
--- a/software/kvm/software.cfg
+++ b/software/kvm/software.cfg
@@ -170,7 +170,7 @@ command =
 [template-kvm]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-kvm.cfg
-md5sum = 351d611fc7c1b210e14e14832c21752c
+md5sum = ce62abe1edabc78a4baa574a39d7faa0
 output = ${buildout:directory}/template-kvm.cfg
 mode = 0644